DNS Security Extension Clarification on Zone Status
نویسنده
چکیده
The definition of a secured zone is presented, updating RFC 2535. The new definition has consequences that alter the interpretation of the NXT record, obsolete NULL keys, and the designation of "experimentally secure."
منابع مشابه
Enabling Secure On-Line DNS Dynamic Update
Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. In this paper, we point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS...
متن کاملSecure Online DNS Dynamic Updates: Architecture and Implementation
AbstRAct Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, the Internet Engineering Task Force (IETF) has defined a DNS Security Extension (DNSSEC) to provide data-origin authentication. In this paper, we point out two drawbacks of the DNSSEC standard in its handling of DNS dynamic updates: 1) the on-line...
متن کاملSignaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC)
The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be generated using different algorithms. This document specifies a way for validating end-system resolvers to signal to a server which digital signature and hash algorithms they support. The extensions allow the sign...
متن کاملProtocol Modifications for the DNS Security Extensions
This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to the DNS. This document describes the DNSSEC protocol modifications. This document defines the concept of a signed zone, along with the requireme...
متن کاملGDS Resource Record: Generalization ofthe Delegation Signer Model
Domain Name System Security Extensions (DNSSEC) architecture is based on public-key cryptography. A secure DNS zone has one or more keys to sign its resource records in order to provide two security services: data integrity and authentication. These services allow to protect DNS transactions and permit the detection of attacks on DNS. The DNSSEC validation process is based on the establishment ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- RFC
دوره 3090 شماره
صفحات -
تاریخ انتشار 2001